It is the desire of service providers to be able to personalise data for users, in order to supply data appropriate for the user, for marketing purposes and the like. In order to be able to achieve this, service providers typically store user data in a user profile. Such data includes, for example, the user's name, address, income details, job details, transaction histories and so on. An example of this is shown in FIG. 1, in which user or client 10 communicates with a third party service provider 12 over the Internet. The service provider 12 includes a processor unit 14 and a database 16 in which the client's details are stored substantially permanently. In practice, as is well known, the service provider 12 may communicate with numerous other data providers (not shown in FIG. 1), which may or may not be part of the same organisation.
Generally, such data should be protected by the service provider and there are policies such as P3P and SAML to do just this. However, not all service providers honour such privacy policies and, even when they do, there are risks associated with theft of the service provider's data through hacking and by employees. Moreover, there are occasions where a user does not want to disclose certain data to a third party service provider but nevertheless wishes to receive data related to his/her preferences or other personal characteristics. The problem is compounded by the fact that many web sites are not secure and are actually monitored or provided by separate entities, often without the user's knowledge. These other entities can be associated companies, advertisers and so on. Furthermore, even if a company can only obtain a part of a user's profile from one source, software and tracking are sufficiently advanced that such entities are able to aggregate partial data to reconstruct a user's profile from separate sources, again without the user's knowledge.
A prior art solution to this problem involves locating on a user's device (computer, mobile telephone, PDA and so on) a service provider private agent which stores the user's profile within the user's device and transmits unpersonalised requests to the service provider. In response, the service provider returns unpersonalised data which is then analysed by the private agent to personalise that data. An example of such a system is shown in FIG. 2, in which a client device 10′ is protected by a firewall 20 of conventional type and stores its private profile in memory 22. Within the client device 10′ there is also provided the service provider private agent 24 which is associated with the external service provider 12′ in so far as it is set up to receive and analyse unpersonalised responses sent by the service provider 12′ to unpersonalised requests sent by the client device 10′. For this purpose, the service provider 12′ can access public or semi-private data providers 26 to obtain data for the client 10′.
Although such a system can keep a user's data private, it requires co-operation from the service providers in order to work. This therefore makes it of limited practical use.
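The private-agent arrangement of FIG. 2 can be sketched as follows. This is an added example, not code from the document: the catalogue fields, the scoring rule and all function names are hypothetical, and `service_provider` is a local stand-in for service provider 12′ that returns the same data to every client.

```python
import json

# Constructed private profile, held only on the client (memory 22 in FIG. 2).
PRIVATE_PROFILE = {"name": "A. Example", "income": 42000,
                   "interests": {"cycling": 0.9, "travel": 0.4}}

# Constructed unpersonalised response data: identical for every client.
CATALOGUE = [
    {"title": "Road bike sale", "tags": ["cycling"], "min_income": 0},
    {"title": "Private banking", "tags": ["finance"], "min_income": 100000},
    {"title": "Cycling holidays", "tags": ["cycling", "travel"], "min_income": 0},
    {"title": "City breaks", "tags": ["travel"], "min_income": 0},
]

def build_request(category):
    """Unpersonalised request: only a coarse category leaves the device."""
    return json.dumps({"category": category})

def profile_tokens(profile):
    """Profile values (and interest names) that must never appear on the wire."""
    tokens = []
    for value in profile.values():
        tokens.extend(value.keys() if isinstance(value, dict) else [str(value)])
    return [t.lower() for t in tokens]

def leaks_profile(wire_text, profile):
    """Egress check: True if any profile token occurs in outgoing data."""
    return any(t in wire_text.lower() for t in profile_tokens(profile))

def service_provider(request):
    """Stand-in for service provider 12': co-operates by returning
    unpersonalised data, which is the dependency noted in the text."""
    json.loads(request)  # request carries nothing that identifies the user
    return json.dumps(CATALOGUE)

def personalise(response, profile):
    """Private agent 24: filter and rank the response against the local profile."""
    def score(item):
        return sum(profile["interests"].get(tag, 0.0) for tag in item["tags"])
    eligible = [i for i in json.loads(response)
                if profile["income"] >= i["min_income"]]
    ranked = sorted(eligible, key=score, reverse=True)
    return [i["title"] for i in ranked if score(i) > 0]

if __name__ == "__main__":
    request = build_request("offers")
    assert not leaks_profile(request, PRIVATE_PROFILE)
    print(personalise(service_provider(request), PRIVATE_PROFILE))
```

The egress check also shows how easily the privacy property is lost: a request for the category `cycling` would itself disclose an interest from the profile.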